Security Incident Response state flows

State flows control the sequence in which records transition between states in security incident response. Security Incident Response is a Service Management (SM) application and, therefore, shares state flow functionality with other SM applications. Security Incident Response, however, has its own set of states.

Security Incident Response states

The following states are available in Security Incident Response.
Table 1. Security incident states
| State | Description |
|-------|-------------|
| Draft | The request initiator adds information about the security incident, but it is not yet ready to be worked on. |
| Analysis | The incident has been assigned and the issue is being analyzed. |
| Contain | The issue has been identified and the security staff is working to contain it and perform damage control. This might include taking servers offline, disconnecting equipment from the Internet, verifying that backups exist, and so forth. |
| Eradicate | The issue has been contained and the security staff is taking steps to fix the issue. |
| Recover | The issue is resolved and the operational readiness of the affected systems is being verified. |
| Review | The security incident has been completed, and all systems are back to normal function, but a post-incident review is still needed. |
| Closed | The incident was completed. Before a security incident can be closed, you must fill out the information on the Closure Information tab. |

Security incident response task states

The following task states are available in security incident response.
Table 2. Security incident response task states
| State | Description |
|-------|-------------|
| Draft | The task initiator adds information about the request, but it is not yet ready to be worked on. |
| Ready | The task is ready to be worked on as soon as it is assigned to an agent. |
| Assigned | The task has been assigned to an agent. |
| Work In Progress | The assigned agent has begun work on the task. |
| Closed Complete | The task has been completed. |
| Cancelled | The task was cancelled. |

State flows control how security incidents, security requests, and their associated tasks move between states. The state flows create business rules, client scripts, and UI actions that perform the transitions and field controls you specify. These programming elements remain in use while the state flow records that use them are present. When state flows on the Security Incident Response application table are deleted, the system attempts to delete any unnecessary programming elements that were created on that table. You can limit the selections for the State field to valid states for the transition, based on the starting state.

State flows provide the following controls:
  • Manual transitions: A UI action that initiates a transition. Manual transitions are created automatically by the system when you provide a condition or a script.
  • Automatic transitions: A business rule that initiates a transition when changes are made to a request or task. Automatic transitions are created automatically by the system when you provide a condition and a script.

Features available with state flows

  • Custom transitions: Customize the order in which states can change for requests and task records.
  • Field controls: Control the behavior and visibility of specific fields when a task changes states or reaches a specified end state.
  • Starting and Ending State choice lists: The values offered in a task record's Starting State or Ending State field are automatically filtered to show only valid states for that transition. The filtering is performed by the same client script that the system creates to manage field controls for state transitions.
  • Events: Trigger events when a state transition occurs or when a record reaches a specific end state.
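
The following added example, which is not ServiceNow code and uses no platform APIs, models in plain JavaScript how state flow records drive choice-list filtering, a guarded manual transition, and an event on a state change. It assumes incidents move one step at a time in the order of Table 1; the `closure_info` field, the `condition` property, and the `state.changed` event name are hypothetical.

```javascript
// Added illustration in plain JavaScript; it does not use ServiceNow APIs.
// ASSUMPTION: transitions follow the order of Table 1, one step at a time.
const STATES = ["Draft", "Analysis", "Contain", "Eradicate", "Recover", "Review", "Closed"];

// One record per allowed transition, loosely mirroring a state flow record.
// `condition` and `closure_info` are hypothetical names.
const stateFlows = STATES.slice(0, -1).map((start, i) => ({
  start,
  end: STATES[i + 1],
  // Closing requires the Closure Information tab to be filled out (Table 1).
  condition: STATES[i + 1] === "Closed"
    ? (rec) => Boolean(rec.closure_info && rec.closure_info.trim())
    : () => true,
}));

// Choice-list filtering: only end states reachable from the starting state.
function validEndStates(startState) {
  return stateFlows.filter((f) => f.start === startState).map((f) => f.end);
}

// Manual transition: apply a requested state change or reject it with a reason.
// The returned event stands in for the "Events" feature (hypothetical name).
function transition(record, requestedState) {
  const flow = stateFlows.find(
    (f) => f.start === record.state && f.end === requestedState
  );
  if (!flow) {
    return { ok: false, reason: `no state flow from ${record.state} to ${requestedState}` };
  }
  if (!flow.condition(record)) {
    return { ok: false, reason: `condition not met for ${requestedState}` };
  }
  const event = { name: "state.changed", from: record.state, to: requestedState };
  record.state = requestedState;
  return { ok: true, event };
}

// Constructed sample record.
const incident = { number: "SIR-EXAMPLE", state: "Review", closure_info: "" };
console.log(validEndStates("Analysis"));
console.log(transition(incident, "Closed"));
incident.closure_info = "Root cause documented; lessons learned recorded.";
console.log(transition(incident, "Closed"));
```

Rejected transitions leave the record's state unchanged, so an incident cannot skip Contain or be closed without closure information in this model.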